Privacy Policy

Section I

General information

Collection of personal data

Below we will inform you about the collection of personal data during use of our website, which you are currently visiting and on which this data privacy policy is available. Personal data are all data that can be attributed to you personally, such as name, address, e-mail address, and user behaviour. We process your personal data according to the rules set out under the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act NEW (BDSG), and all other relevant laws concerning the processing of personal data.

Fundamentally, we collect only those data that are legally or contractually laid down or are necessary to complete a contract. Voluntary information is indicated as such. No negative consequences are associated with not providing this data. However, not providing certain information at specific times can make communication with you more difficult or delayed, for example.

Controller, data protection officer contact information

(1) The ‘controller’ according to Art. 4 Par. 7 GDPR is:

EXOP GmbH

Byk-Gulden-Straße 24

78467 Konstanz, Germany

e-mail: info@exop-group.com

Phone: 07531 94216-0

(2) Our data protection officer may be reached at:

Beauftragter für den Datenschutz

c/o EXOP GmbH

Byk-Gulden-Straße 24

78467 Konstanz, Germany

e-mail: ds@exop-group.com

Legal basis for our data processing:

The legal basis for data processing comes from the prescriptions of Art. 6 GDPR. Most of our data processing has the following bases:

the basis of consent, Art. 6, Para. 1, Item (a) GDPR

to fulfil a contract, Art. 6, Para. 1, Item (b) GDPR

to fulfil a legal obligation, Art. 6, Para. 1, Item (c) GDPR

to safeguard legitimate interests, Art. 6, Par. 1, Item (f) GDPR

In accordance with Art. 13 GDPR, the underlying legal basis for each instance is specified below in the relevant processing procedures in this privacy policy.

(4) If we make use of contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the relevant processes in this privacy policy below. We also specify the defined criteria for the storage period.

Your rights as a data subject

(1) In accordance with the GDPR, you have the following rights with respect to the personal data we collect from you:

Right to access, Art. 15 GDPR

Right to rectification, Art. 16 GDPR

Right to erasure (‘right to be forgotten’), Art. 17 GDPR

Right to restriction of processing, Art. 18 GDPR

Right to data portability, Art. 20 GDPR

Right to object to processing, Art. 21 GDPR (see Item 5, below).

(2) According to Art. 22 GDPR, you also have the right not to be subject to a decision based exclusively on automated processing – including profiling – which has legal effect on you or significantly affects you in a similar manner, provided that the decision

is not necessary for the conclusion or performance of a contract between you as the data subject and us as the controller,

is authorised by Union or Member State law to which we as the controller are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests as a data subject; or

with your express consent.

(3) If you are of the opinion that data concerning you are being processed contrary to the data protection regulations, you have the right to appeal to a supervising authority in accordance with Art. 77 GDPR. The right of appeal is valid, whether a particular appeal is presented to a supervising authority in the member state in which you reside or in the place where the alleged breach occurred. In Baden-Württemberg, the responsible supervising authority is the State Commissioner for Data Protection and Freedom of Information, Königsstrasse 10a, 70173 Stuttgart, Germany.

Your right to object and revoke

Your right to revoke consent

You have the right to revoke your consent at any time without that revocation affecting the legality of the processing to date. If consent is revoked, we cease the affected data processing.

Your right to object given legitimate interests

According to Art. 21 GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which are collected on the basis of Art. 6 para. 1 Item (f) GDPR. We will then no longer process the personal data unless there are demonstrably compelling legitimate reasons for the processing which outweigh the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims.

Your right to object in the event of direct marketing

In accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data for the purpose of direct marketing, the exercise of which right leads to the termination of the processing for the purpose of direct marketing or protection of legitimate interests.

Section II

Collection of personal data for informational use of our website, use of cookies

Data collection for purely informational use

(1) You can visit our website without having to provide any personal information. If you use our website for information purposes only (that is, if you do not register or otherwise provide us with information), we collect only the personal data that your browser transmits to our server and stores in log data (server log files). If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security. The legal basis for this is Art. 6, Para. 1, Item (f) GDPR:

– IP address

– Date and time of the query

– Time zone difference to Greenwich Mean Time (GMT)

– Content of the request (specific page)

– Access status/HTTP status code

– Amount of data transferred in each case

– Website from which the request comes

– Browser

– Operating system and its interface

– Browser software language and version

Cookies

(1) In addition to the aforementioned data, cookies are stored on your computer when you use our website. An information bar that is displayed when you visit our website will inform you about this. Cookies are small text files that are stored on your hard disk in the browser you use and through which certain information flows to the place that sets the cookie. Cookies cannot run programs or transmit viruses to your computer.

Cookies serve to make the internet offer more user-friendly and effective overall. We also use cookies to identify you for subsequent visits.

The processing (the use of cookies) is carried out on the legal basis of Art. 6 Para. 1 Item (f) GDPR for the legitimate interest of achieving the aforementioned objectives.

(2) Types of cookies used:

a) This website uses the following types of cookies, the scope and functioning of which are explained below:

Transient cookies (see aa)),

Persistent cookies (see bb)).

aa) ‘Transient cookies’ are automatically deleted when you close your browser. The most important of these are the so-called session cookies. These cookies store a so-called session ID with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

bb) ‘Persistent cookies’ are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.

b) You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third party cookies or any cookies at all. By default, internet browsers are set to accept cookies. However, you can deactivate the storage of cookies or set your browser so that it is asked before cookies are sent. For more information, see the help function of the browser you use. Use the links below to find out how you can manage and deactivate cookies on the most popular browsers:

Please note that deactivating/restricting cookies can cause problems when you use our offers; for instance, you may not be able to access your content within the scope of your subscription, or you may have to register each time you visit our website. You can actively delete the cookies used on our websites at any time in the internet browser you are using.

Section III

Special types of use (other functions/services) of our website

(1) In addition to the purely informational use of our website (see Section II.), we offer various services and functions which you can use if you are interested. As a rule, you must provide further personal data which we need and use to provide the service in question and to which the aforementioned data processing principles also apply.

(2) In some cases, we use external service providers to process your data. We have carefully selected and commissioned these providers, and they are bound by our instructions and regularly checked.

(3) Furthermore, we may pass on your personal data to third parties if we offer participation in promotions, competitions, conclusion of contracts, or similar services together with partners. You will receive more information on this when you enter your personal data, or see below in the description of the offer in question.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer in question.

When you contact us by e-mail or via our contact form, we store the data you provide (e-mail address, first and last name, company – entering your telephone number and your position is optional) for the purpose of answering your enquiries and sending you information and offers on the X-ASSIST, X-ADVICE, and shortcut.one products. We delete the data arising in this context after storage is no longer required, or limit the processing if there are legal storage obligations.

Newsletter

(1) Giving your consent allows you to subscribe to our newsletter, with which we inform you about the current mobility risks or about our current interesting offers. The advertised services are named in the declaration of consent.

(2) The only mandatory information for sending the newsletter is your e-mail address. After you give your consent by activating the checkbox and sending your registration, we save your e-mail address for the purpose of sending the newsletter and information and offers on the X-ASSIST, X-ADVICE, and shortcut.one products. The legal basis for this is Art. 6, Par. 1, Item (a) GDPR.

(3) You can revoke your consent to the sending of the newsletter at any time and cancel the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by sending an e-mail to support@exop-group.com, or by sending a message to the contact details given in the imprint.

(4) We would like to point out that we evaluate your user behaviour when we send the newsletter. For the evaluations, we link the data described in Section II Item 1. and links embedded in the newsletter with your e-mail address and an individual ID. We only record when you read our newsletters and what links you click in them. In principle, we do not create a user profile about you with the data obtained in this way; we assign the data only if we have already saved a profile of you.

(5) You can object to this tracking at any time, but only by clicking on the link provided in each newsletter e-mail, by sending an e-mail to support@exop-group.com, or by sending a message to the contact data stated in the imprint and thereby unsubscribing from our newsletter.

(6) Your data will be forwarded to our subsidiary, Advanced Analytics GmbH, for the purpose of sending the newsletter. It uses the Mailjet e-mail distribution service, 37 Bis Rue du Sentier 75002 Paris, France for provision of the newsletter. More information about data protection for Mailjet can be found here: https://www.mailjet.de/privacy-policy/.

Application

If you apply to us online using our contact form, we will store the data you provide (CV, certificates, qualifications, answers to questions, etc.) for processing your application and for establishing an employment relationship in our company. The legal basis is derived from Art. 6, Par. 1, Item (b), 88 in connection with § 26 BDSG new. We will delete the personal data stored in connection with your application after storage is no longer necessary or limit processing if there are legally mandated retention periods. Storage is no longer required if there is no hire. Your data will then be kept regularly for a maximum of twelve months after conclusion of the application process. If you have not been hired, but your application is still of interest to us, we will ask for your consent to keep your application available for future vacancies. Only authorised human resources department employees will have access to your data. We may transfer your personal data to third parties if there is a legal basis for such processing. In addition, we may pass on your data to external service providers (software providers or IT service providers for remote maintenance and support, for instance) within the framework of order processing in accordance with instructions.

Section IV

Social media plugins

Integration of YouTube videos

(1) We have integrated YouTube videos into our online offer; they are stored on https://www.YouTube.com and can be played directly from our website. These are all integrated in the ‘extended data protection mode’; that is, no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data referred to in Paragraph 2 be transferred. We have no influence on this data transmission.

(2) Visiting the website provides YouTube with the information that you have accessed the corresponding subpage of our website. The information described in Section II (1) of this declaration are also transferred. This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your information will be associated directly with your account. If you do not wish to be associated with your profile on YouTube, you must log out before clicking the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research, and/or demand-oriented design of its website. Of primary interest here is that this evaluation takes place (even for unlogged-in users) to provide demand-oriented advertising and inform other social network users of your activities on our website. You have the right to object to the creation of these user profiles, but you must contact YouTube to exercise this right.

(1) We have integrated Vimeo videos into our online offer; they are stored on https://www.vimeo.com and can be played directly from our website.

(2) Visiting the website provides Vimeo with the information that you have accessed the corresponding subpage of our website. The information described in Section II (1) of this declaration are also transferred. If you are logged in as a member of Vimeo, Vimeo associates this information to your personal user account. When you use the plugin (by clicking the start button of a video, for example), this information is also associated to your user account. You can prevent this association by logging out of your Vimeo account and deleting the corresponding Vimeo cookies before using our website.

(3) For more information about the purpose and scope of data collection and processing by Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011, see its privacy policy. You will also find more information about your rights and privacy setting options there: https://vimeo.com/privacy.